|Publication number||US8234706 B2|
|Application number||US 11/820,759|
|Publication date||Jul 31, 2012|
|Filing date||Jun 20, 2007|
|Priority date||Sep 8, 2006|
|Also published as||US20080065646|
|Publication number||11820759, 820759, US 8234706 B2, US 8234706B2, US-B2-8234706, US8234706 B2, US8234706B2|
|Inventors||Dongmei Zhang, Yingnong Dang, Xiaohui Hou, Song Huang, Jian Wang|
|Original Assignee||Microsoft Corporation|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (78), Non-Patent Citations (31), Referenced by (3), Classifications (15), Legal Events (3)|
|External Links: USPTO, USPTO Assignment, Espacenet|
Software security is closely monitored to help prevent security problems. At any time, numerous viruses and/or malware attempt to attack known and unknown public and private vulnerabilities. Software security management is an essential part of elevating software reliability and quality.
To help organize software vulnerability information, many vendors provide an on-line bulletin board for posting related fixes and alerts. In addition to vendor specific security bulletin boards, other sites have been created, mostly by IT administrators, which enable software users to post vulnerabilities and/or fixes to vulnerabilities. In addition, some sites or mailing lists allow users to discuss software security related technologies.
One problem is that the information is not always accurate and/or latest. Furthermore, to find specific vulnerabilities and/or fixes, a user may need to perform an extensive search before finding the right content.
The various locations for software vulnerabilities and un-trusted information can lead to complications with user interaction with these sites.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
A method for enabling access to software security data is provided. The method includes accessing data associated with software security issues from a plurality of on-line sources. The method further includes aggregating the data from the plurality of on-line sources and identifying attributes associated with the data. The method also includes enabling access to the aggregated data through a graphical user interface that can be used to analyze the data according to the attributes.
The accompanying drawings, which are incorporated in and form a part of this specification, illustrate embodiments of the technology for enabling access to aggregated on-line security information and, together with the description, serve to explain principles discussed below:
The drawings referred to in this description should be understood as not being drawn to scale except if specifically noted.
Reference will now be made in detail to embodiments of the present technology for enabling access to software security data, examples of which are illustrated in the accompanying drawings. While the technology for enabling access to software security data will be described in conjunction with various embodiments, it will be understood that they are not intended to limit the present technology for enabling access to software security data to these embodiments. On the contrary, the presented technology for enabling access to software security data is intended to cover alternatives, modifications and equivalents, which may be included within the spirit and scope the various embodiments as defined by the appended claims.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the present technology for enabling access to software security data. However, the present technology for enabling access to software security data may be practiced without these specific details. In other instances, well known methods, procedures, components, and circuits have not been described in detail as not to unnecessarily obscure aspects of the present embodiments.
Unless specifically stated otherwise as apparent from the following discussions, it is appreciated that throughout the present detailed description, discussions utilizing terms such as “mapping”, “segmenting”, “routing”, “interfacing”, “recognizing”, “representing”, “emulating”, “detecting”, “exposing”, “converting”, “authenticating”, “communicating”, “sharing”, “receiving”, “performing”, “generating”, “displaying”, “enabling”, “aggregating”, “highlighting”, “presenting”, “configuring”, “identifying”, “reporting”, “ensuring”, “suppressing”, “disabling”, “ending”, “providing”, and “accessing” or the like, refer to the actions and processes of a computer system, or similar electronic computing device. The computer system or similar electronic computing device manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission, or display devices. The present technology for enabling access to software security data is also well suited to the use of other computer systems such as, for example, optical and mechanical computers.
With reference now to
System 100 of
System 100 also includes computer usable non-volatile memory 110, e.g. read only memory (ROM), coupled to bus 104 for storing static information and instructions for processors 106A, 106B, and 106C. Also present in system 100 is a data storage unit 112 (e.g., a magnetic or optical disk and disk drive) coupled to bus 104 for storing information and instructions. System 100 also includes an optional alphanumeric input device 114 including alphanumeric and function keys coupled to bus 104 for communicating information and command selections to processor 106A or processors 106A, 106B, and 106C. System 100 also includes an optional cursor control device 116 coupled to bus 104 for communicating user input information and command selections to processor 106A or processors 106A, 106B, and 106C. System 100 of the present embodiment also includes an optional display device 118 coupled to bus 104 for displaying information.
Referring still to
Optional cursor control device 116 allows the computer user to dynamically signal the movement of a visible symbol (cursor) on display device 118. Many implementations of cursor control device 116 are known in the art including a trackball, mouse, touch pad, joystick or special keys on alpha-numeric input device 114 capable of signaling movement of a given direction or manner of displacement. Alternatively, it will be appreciated that a cursor can be directed and/or activated via input from alpha-numeric input device 114 using special keys and key sequence commands.
System 100 is also well suited to having a cursor directed by other means such as, for example, voice commands. System 100 also includes an I/O device 120 for coupling system 100 with external entities. For example, in one embodiment, I/O device 120 is a modem for enabling wired or wireless communications between system 100 and an external network such as, but not limited to, the Internet.
Referring still to
The computing system 100 is only one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the present technology. Neither should the computing environment 100 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in the exemplary computing system 100.
The present technology is operational with numerous other general-purpose or special-purpose computing system environments or configurations. Examples of well known computing systems, environments, and configurations that may be suitable for use with the present technology include, but are not limited to, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The present technology may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types. The present technology may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer-storage media including memory-storage devices.
The on-line information about software security and vulnerabilities, including message boards, mailing lists and web sites, is much valuable to security researchers, system administrators, software vendors, IT professionals, and anyone who is interested in software protection. The volume of such information and the endless sources for such information leads to challenges in accessing the right information easily.
It is appreciated that embodiments of the present technology are well suited for accessing and aggregating any type of information related to software. In one embodiment, the security information includes but is not limited to software vulnerabilities, advisories, discussions, documents, virus/worm related information, security event reporting and/or discussions, etc.
Embodiments of the present technology collect and organize software security data from numerous sources where it can then be analyzed. In other words, the information is aggregated from multiple sources into a single and user friendly place where it can be analyzed according to user specified metrics. The present technology enables access to on-line software security information in an efficient and easy to understand layout. Furthermore, an in-depth study can be performed to mine the data according to a specific user goal.
In one embodiment, the present technology provides a “snap-shot” of what is happening in the security community. For example, the “snap-shot” may show important developments and/or identified software risks, and the average number of message postings for the day, week, month, etc. related to a particular security topic. In one embodiment, the snap-shot data can be compared to historical data to identify trends.
In addition to the security snap-shot, in-depth analysis can be performed on the aggregated information. For example, if a user is interested in a particular security topic, they may want to view message postings related to the particular topic. Embodiments of the technology enable a user to have access to related security information in a single place wherein the data may be aggregated from multiple sources.
Users may also be interested in learning the vulnerabilities of a particular software. Embodiments of the present technology enable a user to access information related to a particular piece of software at a single place that may be compiled and aggregated from multiple sources. This enables a quick and easy understanding of all security related to a product without having to visit multiple sources and perform multiple searches.
Graphical presentation of the data is an important aspect of the present technology. For example, embodiments of the present technology use graphs, charts, color coding, numerical ratings, etc. for describing key elements in the security community and relationships between different key elements, including products, security researchers, security domain specific keywords, documents, messages, etc. It is appreciated that documents and messages can be the same thing in accordance with embodiments of the present technology.
Embodiments of the present technology use real-time crawlers to access and retrieve the security data from multiple locations. The information is then compiled and aggregated into a single location where it can be manipulated and researched according to attributes identified from the data. The attributes may include but are not limited to product name, product version, date, security researcher, security site, manufacturer site, news articles, number of message positing, etc. In one embodiment, information is rated for accuracy and how helpful it is. A trust rating can be assigned to various pieces of data. This enables a user to quickly identify and distinguish good data from bad data.
It is appreciated that the on-line security sites 202 and 204 may be web sites, data bases, message boards, or any other on-line source for software security information. The network 260 may be the Internet, however, it is appreciated that network 260 could be any network capable of communicatively coupling the on-line sources 202 and 204 to the software security data access enabler module 245.
The software security data access enabler module 245 may be part of a computer system such as a web server. However, it is appreciated that the software security data access enabler module 245 could be part of any computer system capable of aggregating software security data from a plurality of sources.
Data collector 310 collects the software security data from a plurality of locations. In one embodiment, data collector 310 includes or is coupled with a web crawler. The web crawler navigates the on-line sites for any new or changed data. The data is then aggregated by the software security data compiler 320. The software security data compiler accesses the data from the data collector and organizes the data so that it can be analyzed, searched, and used at a single location. It is appreciated that any number of methods and systems could be used to crawl the on-line sites for the software security data in accordance with the present technology for enabling access to aggregated on-line software security data.
An attribute identifier 330 identifies attributes from the data collected from the plurality of sites. The attribute identifier may enable organization of the data according to the identified attributes. For example, if a piece of data is identified as a message board posting, it may be stored along with other message board postings. Another example is if more than one piece of data is identified as discussing the same product, the pieces may be displayed together so that issues associated with the product can be viewed simultaneously.
A relationship determiner 340 determines relationships between different pieces of data. For example, the relationship determiner 340 could identify two or more messages related to the same topic. In another embodiment, the relationship determiner 340 identifies two software products related to the same vulnerabilities and/or security issues. The relationship determiner 340 may also identify products with one or more keywords. In one embodiment, the keywords are retrieved from message postings associated with the product. In one embodiment, the relationship is quantified in the form of a rating. For example, the higher the rating, the more related the data is. In another embodiment, the rating is color coded. When data is highly related, a particular color is used. It is appreciated that the relationship determiner 340 can perform many different statistical calculations and complex mathematical calculations that can be used to determine relationships between two or more pieces of data.
In one embodiment, the relationship determiner generates a graphical representation that can be displayed on a graphical user interface. For example, the relationship determiner could generate a graph showing the number of related messages within the last week. In one embodiment, the relationship determiner may provide data to the UI generator 399 so that the UI generator 399 can generate the graphical representation that is provided to the graphical user interface.
A trend determiner 350 identifies trends in the compiled data. For example, the trend determiner may determine whether the number of posts related to a particular topic are increasing or decreasing over a predetermined period of time. The trend determiner 350 could also identify the trends associated with a particular product. For example, the trend identifier 350 could determine whether the number of vulnerabilities associated with a piece of software are increasing or decreasing. It is appreciated that the trend determiner 350 can perform many different statistical calculations and complex mathematical calculations that can be used to determine trends.
In one embodiment, the trend determiner 350 generates a graphical representation that can be displayed on a graphical user interface. For example, the trend determiner could generate a graph showing the number of messages within the last week that are related to a particular topic. In one embodiment, the relationship determiner may provide data to the UI generator 399 so that the UI generator 399 can generate the graphical representation that is provided to the graphical user interface.
A key word accessor 360 can be used to identify data that is associated with a keyword. In one embodiment, the key word accessor is a user interface that can be used to search data that includes the specified keyword. However, in another embodiment, the keyword accessor is “smart” and can determine words that are closely related to a keyword. In this embodiment, the keyword accessor retrieves data that is related to a particular keyword, even data that may not actually include the specified keyword. It is appreciated that the keyword accessor may communicate with other modules, such as the relationship determiner 340 to perform such operations. On another embodiment, a character recognizer 387 is used to determine relationships between data.
In one embodiment, an algorithm is used to extract keywords from documents and/or messages. In one embodiment, the algorithm is used to determine a topic or theme of the particular document or message. In one embodiment, the algorithm recognizes abbreviations, aliases, misspellings, etc. Extracting keywords and/or part of keywords may be preformed by or in conjunction with the character recognizer 387.
For example, the character recognizer 387 may include a data base of words and related words. In one embodiment, the character recognizer recognizes a misspelled word because it recognizes a particular portion of the word. In addition to spelling errors, the character recognizer recognizes that different versions of a particular product are related to each other even though the names of the products may be different.
A data ranker 355 can be used to rank particular sets of data. For example, data can be ranked according to a trust level determined by trust determiner 377. The ranker can also be used to rank how closely a set of data matches, for instance a specified key word. Exact matches would be ranked higher than ones identified by the character recognizer that may not be an exact match to the specified keyword.
The trust determiner 377 maintains a record of how trustworthy a particular piece of data is. For example, there are many sites that have user ratings. The user ratings can be used to determine a level of trust associated with a particular site. Information accessed from sites that have higher ratings is assigned higher trust ratings than information accessed from sites that are not as trusted. It is appreciated that ranking and trust level can be a characteristic of each identified attribute.
It is appreciated that the ratings may not be site specific. It is appreciated that any number of metrics could be used to rate the data and determine a level of trust. For example, a person who posts information frequently on message boards may have a higher trust rating than a person making a first post.
In one embodiment, the graphical user interface 420 includes a dashboard portion 422, an in-depth study portion 424, an info browsing portion 426 and a search portion 428. In one embodiment, the user can select the modules to manipulate and study software security data visually.
These four portions provide different levels of information to the user. For example, the dashboard 422 provides an overview of what's going on in the security community. The in-depth study 424 allows users to drill down to a specific area of the security community, such as researching a specific software product. Info-browsing 426 allows a user to reference organized raw data, such as message postings. The search portion 428 enables a user to search any terms in the security domain and presents the search results in a well organized way. When organizing aggregated on-line information in a domain (not just limited in security information domain) this four levels approach to organization can be applied.
The dashboard 422 can be used to present the snap-shot that was described above. The dashboard 422 is intended to provide a quick update as to what is going on in the on-line software security community. Specifics of the dashboard 422 are provided in conjunction with the description of
The in-depth study 424 can be used to perform statistical and mathematical operations on the data to analyze the data collected from various sources. The in-depth study 424 is intended to analysis of what is going on in the on-line software security community. Specifics of the in-depth study are provided in conjunction with the description of
The info browsing portion 426 enables a user to navigate the raw data collected from the various sites. For example, by selecting the info-browsing portion of the graphical user interface 420, a user can browse messages according to data source, software product, security researcher, topic, keyword, etc.
The search portion 428 enables input of query terms. In one embodiment, related advisories, related posts, related security researchers and related posters are returned along with the query results of the search term. It is appreciated that any number of results could be returned in response to a specific search term in accordance with embodiments of the present technology for enabling access to aggregated on-line software security data.
As stated previously, the dashboard is intended to provide overview information quickly. It provides a snap shot of what is happening in the on-line software security community. For example, the dashboard may include a snap shot of what has happened in the past week 502. The past week 502 may include, for example, the top five topics from the past week. The past week 502 could also include the most relevant or important message postings from the past week. The past week portion 502 may include any number of graphs or other graphical representations of data so that the user can easily understand and comprehend vast amounts of data associated with what has happened in the past week quickly and easily.
Accordingly, the dashboard also includes a portion that indicates important data from the past month 504. It provides a more in-depth study of what has been going on in the past month compared to the snap shot described above. The past month 504 may include, for example, the top five topics from the past month. The past month 504 could also include the most relevant or important message postings from the past month. The past month 504 may also include a daily trend of security messages posted. The past month portion 504 may include any number of graphs or other graphical representations of data so that the user can easily understand and comprehend vast amounts of data associated with what has happened in the past month quickly and easily.
The dashboard may also include a long-term trend portion 508. The long-term trend portion can be used to analyze data that is older than one month. The long-term trend portion 508 enables a user to see trends in the on-line security environment that may not show up in the past week portion 502 or the past month portion 504. In one embodiment, the past week 502 data, past month 504 data, daily trends data can be compared to the long-term data.
In one embodiment, included with the past week info 502, past month info 504 or long-term info 508 is a daily trend portion for identifying what is going on in the on-line software community that day. The daily trend may show data such as the number of postings for the day, the top topics of the day, the number of persons visiting security sites, etc. The daily trend portion may include any number of graphs or other graphical representations of data so that the user can easily understand and comprehend vast amounts of data associated with what has happened in a day quickly and easily.
For example, the in-depth study portion enables temporal analysis 602 of the data aggregated from a plurality of sources. The temporal analysis 602 enables a user to see the overall trend of the number of messages associated with a particular topic, keyword, researcher, product, etc. It also enables a user to navigate among relationship graphs of key elements of the security community. It is appreciated that the temporal analysis can be used to perform statistical and mathematical operations on any number of data attributes. The analysis can be used to generate a graphical representation of the temporal analysis results in a clear and easy to understand format.
The in-depth study also includes a security visualizer 604. The security visualizer 604 enables a user to gain an overall understanding of all vulnerabilities of a product easily and quickly. The security visualizer 604 enables a user to drill down through the aggregated data to see all advisories, postings, related messages, etc. associated with specific search terms and/or attributes.
The in-depth study also includes a security relationship visualizer 606. The security relationship visualizer 606 enables a user to gain an overall understanding of all security relationships of key security elements (such as a product, a researcher, a domain-specific keyword) easily and quickly and be able to navigate from one element to another related security element and view all relationships of the new selected element. The security relationship visualizer 606 enables a user to drill down through the aggregated data to see all advisories, postings, related messages, etc. associated with keywords and documents. The security relationship visualizer 606 can generate graphical representations of the security relationships.
Similar to the security relationship visualizer, the in-depth study 424 also includes a trust visualizer 608. The trust visualizer 608 enables a user to see a trust rating associated with particular security data. The trust level could be conveyed, for example, with a numerical or color coded rating. It is appreciated that the trust information could be incorporated into one of the other portions described above.
At 702, 700 includes accessing data associated with software vulnerabilities from a plurality of on-line sources. In one embodiment, a crawler performs real-time data acquisitions from a plurality of on-line sites.
At 704, 700 includes aggregating the data from the plurality of sites. Embodiments of the present technology aggregate data from a plurality of sources and enable access to the data at a single location where a user can quickly and easily examine the data and perform analysis of the data. In one embodiment, the aggregated is presented in a graphical fashion to the user through a graphical user interface.
At 706, 700 includes identifying attributes associated with the data. In one embodiment, the attribute identification includes a full text search of the data. For example, a keyword query search can be performed to identify data that includes the keyword or other words that are related to the keyword. In one embodiment, advanced algorithms may be used to identify attributes. For example, domain-specific key word extraction, entity (e.g., researcher name, product name) extraction, etc. It is appreciated that any number of attributes could be identified from the aggregated data.
At 708, 700 includes enabling access to the aggregated data through a graphical user interface that can be used analyze the data according to the attributes. As stated above, numerous operations can be performed on the data including generating a snapshot, performing a search, performing temporal analysis, etc.
Although the subject matter has been described in a language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US4550436||Jul 26, 1983||Oct 29, 1985||At&T Bell Laboratories||Parallel text matching methods and apparatus|
|US5767854||Sep 27, 1996||Jun 16, 1998||Anwar; Mohammed S.||Multidimensional data display and manipulation system and methods for using same|
|US5838965||Nov 10, 1994||Nov 17, 1998||Cadis, Inc.||Object oriented database management system|
|US5841895||Oct 25, 1996||Nov 24, 1998||Pricewaterhousecoopers, Llp||Method for learning local syntactic relationships for use in example-based information-extraction-pattern learning|
|US5946481||Sep 4, 1997||Aug 31, 1999||Lucent Technologies Inc.||Method for detecting errors in models through restriction|
|US6070244||Nov 10, 1997||May 30, 2000||The Chase Manhattan Bank||Computer network security management system|
|US6301579||Oct 20, 1998||Oct 9, 2001||Silicon Graphics, Inc.||Method, system, and computer program product for visualizing a data structure|
|US6466211||Oct 22, 1999||Oct 15, 2002||Battelle Memorial Institute||Data visualization apparatuses, computer-readable mediums, computer data signals embodied in a transmission medium, data visualization methods, and digital computer data visualization methods|
|US6675350||Nov 4, 1999||Jan 6, 2004||International Business Machines Corporation||System for collecting and displaying summary information from disparate sources|
|US6707454||Oct 12, 1999||Mar 16, 2004||Lucent Technologies Inc.||Systems and methods for visualizing multi-dimensional data in spreadsheets and other data structures|
|US6772348||Apr 27, 2000||Aug 3, 2004||Microsoft Corporation||Method and system for retrieving security information for secured transmission of network communication streams|
|US6842176||Jul 22, 2002||Jan 11, 2005||Silicon Graphics, Inc.||Computer-related method and system for controlling data visualization in external dimension(s)|
|US6961732||Dec 18, 2001||Nov 1, 2005||General Electric Company||Web based process capability data collection and reporting system|
|US6995768||May 10, 2001||Feb 7, 2006||Cognos Incorporated||Interactive business data visualization system|
|US7082044||Mar 12, 2004||Jul 25, 2006||Sensory Networks, Inc.||Apparatus and method for memory efficient, programmable, pattern matching finite state machine hardware|
|US7117199||Feb 22, 2001||Oct 3, 2006||Metacarta, Inc.||Spatially coding and displaying information|
|US7143055||Jun 9, 1997||Nov 28, 2006||Ipf, Inc.||Internet-based system for collecting, managing and serving consumer product-related information over the internet using trademarks and universal resource locators (urls) symbolically-linked by manufacturers of consumer products and/or their agents|
|US7149968||Jan 21, 2000||Dec 12, 2006||Siemens Aktiengesellschaft||Method for the simultaneous non-overlapping representation of at least two data visualization windows in a display area of a monitor of a data processing installation|
|US7159237||Jan 19, 2001||Jan 2, 2007||Counterpane Internet Security, Inc.||Method and system for dynamic network intrusion monitoring, detection and response|
|US7182257||Mar 24, 2005||Feb 27, 2007||Hitachi, Ltd.||Distribution management method and system|
|US7287230||Dec 13, 2000||Oct 23, 2007||National Instruments Corporation||Configuring a GUI element to subscribe to data|
|US7322047||Dec 31, 2002||Jan 22, 2008||Digital Doors, Inc.||Data security system and method associated with data mining|
|US7539693||Nov 17, 2004||May 26, 2009||Metacarta, Inc.||Spatially directed crawling of documents|
|US7596581||Nov 17, 2004||Sep 29, 2009||Metacarta, Inc.||Relevance ranking of spatially coded documents|
|US7603350 *||May 9, 2006||Oct 13, 2009||Google Inc.||Search result ranking based on trust|
|US7607169 *||Dec 2, 2002||Oct 20, 2009||Arcsight, Inc.||User interface for network security console|
|US7681121||Jun 8, 2005||Mar 16, 2010||Canon Kabushiki Kaisha||Image processing apparatus, control method therefor, and program|
|US7685201||Apr 30, 2007||Mar 23, 2010||Microsoft Corporation||Person disambiguation using name entity extraction-based clustering|
|US7694328 *||Oct 21, 2004||Apr 6, 2010||Google Inc.||Systems and methods for secure client applications|
|US7761423 *||Oct 11, 2006||Jul 20, 2010||OneSpot, Inc.||System and method for indexing a network of interrelated elements|
|US7774360||May 1, 2007||Aug 10, 2010||Microsoft Corporation||Building bridges for web query classification|
|US20020007309||Apr 24, 2001||Jan 17, 2002||Micrsoft Corporation||Method and system for providing electronic commerce actions based on semantically labeled strings|
|US20020078381 *||Apr 27, 2001||Jun 20, 2002||Internet Security Systems, Inc.||Method and System for Managing Computer Security Information|
|US20020144142||Apr 3, 2001||Oct 3, 2002||Dalia Shohat||Automatic creation of roles for a role-based access control system|
|US20030097378||Nov 20, 2001||May 22, 2003||Khai Pham||Method and system for removing text-based viruses|
|US20030120684||Jul 25, 2002||Jun 26, 2003||Secretseal Inc.||System and method for providing manageability to security information for secured items|
|US20030120949||Dec 31, 2002||Jun 26, 2003||Digital Doors, Inc.||Data security system and method associated with data mining|
|US20030135445||Jan 22, 2002||Jul 17, 2003||Herz Frederick S.M.||Stock market prediction using natural language processing|
|US20040034550||Aug 16, 2002||Feb 19, 2004||Menschik Elliot D.||Methods and systems for managing distributed digital medical data|
|US20040064722||Oct 1, 2002||Apr 1, 2004||Dinesh Neelay||System and method for propagating patches to address vulnerabilities in computers|
|US20040088565||Nov 4, 2002||May 6, 2004||Norman Andrew Patrick||Method of identifying software vulnerabilities on a computer system|
|US20040126017||Dec 30, 2002||Jul 1, 2004||Giovanni Seni||Grammar-determined handwriting recognition|
|US20040183800||Dec 17, 2003||Sep 23, 2004||Terastat, Inc.||Method and system for dynamic visualization of multi-dimensional data|
|US20050060667||Oct 28, 2004||Mar 17, 2005||Microsoft Corporation||Visualization of multi-dimensional data having an unbounded dimension|
|US20050071332||Nov 3, 2004||Mar 31, 2005||Ortega Ruben Ernesto||Search query processing to identify related search terms and to correct misspellings of search terms|
|US20050102534||Nov 12, 2003||May 12, 2005||Wong Joseph D.||System and method for auditing the security of an enterprise|
|US20050108630||Nov 19, 2003||May 19, 2005||Wasson Mark D.||Extraction of facts from text|
|US20050132342||Oct 21, 2004||Jun 16, 2005||International Business Machines Corporation||Pattern-matching system|
|US20050198110||Sep 30, 2004||Sep 8, 2005||Microsoft Corporation||Method and system for filtering communications to prevent exploitation of a software vulnerability|
|US20050204150||Aug 21, 2004||Sep 15, 2005||Cyrus Peikari||Attenuated computer virus vaccine|
|US20050246420 *||Apr 28, 2004||Nov 3, 2005||Microsoft Corporation||Social network email filtering|
|US20050246773||Apr 29, 2004||Nov 3, 2005||Microsoft Corporation||System and methods for processing partial trust applications|
|US20050251509||Aug 1, 2003||Nov 10, 2005||Ben Pontius||System and method of paralled pattern matching|
|US20050273861||Dec 10, 2004||Dec 8, 2005||Brian Chess||Apparatus and method for monitoring secure software|
|US20060004725||Jun 2, 2005||Jan 5, 2006||Abraido-Fandino Leonor M||Automatic generation of a search engine for a structured document|
|US20060021050 *||Jul 22, 2004||Jan 26, 2006||Cook Chad L||Evaluation of network security based on security syndromes|
|US20060021054||Mar 30, 2005||Jan 26, 2006||Microsoft Corporation||Containment of worms|
|US20060047500||Aug 31, 2004||Mar 2, 2006||Microsoft Corporation||Named entity recognition using compiler methods|
|US20060259974||May 16, 2005||Nov 16, 2006||Microsoft Corporation||System and method of opportunistically protecting a computer from malware|
|US20070011323||Jul 5, 2005||Jan 11, 2007||Xerox Corporation||Anti-spam system and method|
|US20070011734||Jun 30, 2005||Jan 11, 2007||Santosh Balakrishnan||Stateful packet content matching mechanisms|
|US20070011741||Jul 8, 2005||Jan 11, 2007||Alcatel||System and method for detecting abnormal traffic based on early notification|
|US20070022023||Jul 18, 2006||Jan 25, 2007||Alessandro Capomassi||Method and apparatus for populating a software catalogue with software knowledge gathering|
|US20070198510 *||Jan 30, 2007||Aug 23, 2007||Customerforce.Com||Method and system for assigning customer influence ranking scores to internet users|
|US20070233782 *||Mar 28, 2007||Oct 4, 2007||Silentclick, Inc.||Method & system for acquiring, storing, & managing software applications via a communications network|
|US20070271235||Oct 2, 2006||Nov 22, 2007||Metacarta, Inc.||Geotext Searching and Displaying Results|
|US20080034059 *||Aug 2, 2006||Feb 7, 2008||Garg Priyank S||Providing an interface to browse links or redirects to a particular webpage|
|US20080104024||Oct 25, 2006||May 1, 2008||Amit Kumar||Highlighting results in the results page based on levels of trust|
|US20080172630||Jun 20, 2007||Jul 17, 2008||Microsoft Corporation||Graphical representation of aggregated data|
|US20080270915||Apr 30, 2008||Oct 30, 2008||Avadis Tevanian||Community-Based Security Information Generator|
|US20090007271||Jun 28, 2007||Jan 1, 2009||Microsoft Corporation||Identifying attributes of aggregated data|
|US20090007272||Jun 28, 2007||Jan 1, 2009||Microsoft Corporation||Identifying data associated with security issue attributes|
|US20090077666 *||Mar 12, 2008||Mar 19, 2009||University Of Southern California||Value-Adaptive Security Threat Modeling and Vulnerability Ranking|
|US20100030894 *||Jun 30, 2009||Feb 4, 2010||David Cancel||Computer program product and method for estimating internet traffic|
|US20100083382 *||Dec 7, 2009||Apr 1, 2010||Farley Timothy P||Method and System for Managing Computer Security Information|
|US20100185611 *||Mar 31, 2010||Jul 22, 2010||Oracle International Corporation||Re-ranking search results from an enterprise system|
|WO2006048796A1||Oct 27, 2005||May 11, 2006||Koninklijke Philips Electronics N.V.||Visualization of a rendered multi-dimensional dataset|
|WO2006130947A1||Apr 4, 2006||Dec 14, 2006||3618633 Canada Inc.||A method of syntactic pattern recognition of sequences|
|1||Brugger, et al., "Data Mining for Security Information: A Survey", Date: Apr. 19, 2001, pp. 1-10, 8th Association for Computing Machinery Conference on Computer & Communications Security, Philadelphia, PA.|
|2||Buja et al., "Interactive Data Visualization using Focusing and Linking", Proceedings of the 2nd Conference on Visualization '91, Date:1991, pp. 156-163, IEEE Computer Society Press, Los Alamitos, CA, USA.|
|3||*||Clifford Lynch, When Documents Deceive: Trust and Provenance as New factors for Information Retreival in a Tangled Web, Journal of American Soc. for Information Science and Technology, 52(1), 12-17, 2001.|
|4||Durant, "Web Queries and Dynamic Chart Data in Excel 2002", available at: , Jun. 2003, 16 pages.|
|5||Durant, "Web Queries and Dynamic Chart Data in Excel 2002", available at: <http://msdn.microsoft.com/enus/library/aa140050.aspx>, Jun. 2003, 16 pages.|
|6||*||Galloway and Simeon, "Network Data Mining: methods and Techniques for Discovering Deep Linkage Between Attributes", Conferences in Research and Practice Information Technoilogy Series, vol. 166, pp. 21-32, 2006.|
|7||Galloway et al., "Network Data Mining: Methods and Techniques for Discovering Deep Linkage between Attributes", Conferences in Research and Practice Information Technology Series, vol. 166, 2006, pp. 21-32.|
|8||*||Google Analytic (16 pages), Nov. 2005.|
|9||Google Analytics, Nov. 25, 2005, 16 Pages.|
|10||Hobbs et al., "FASTUS: A System for Extracting Information from Text", Proceedings, Human Language Technology, Princeton, New Jersey, Mar. 1993, pp. 133-137.|
|11||http://gmane.org, Retrieved on Mar. 28, 2012, 1 page.|
|12||http://secunia.com, retrieved on Mar. 28, 2012, 1 page.|
|13||http://www.securityfocus.com, Retrieved on Mar. 28, 2012, 2 pages.|
|14||Jankun-Kelly et al., "Focus+Context Display of the Visualization Process", CSE-2002-13, Computer Science Deparment, University of California, Davis, 2002, pp. 1-7.|
|15||Jankun-Kelly et al., "Visualization Exploration and Encapsulation via a Spreadsheet-like Interface", Centre for Image Processing and Integrated Computing, Computer Science department, University of California , Davis, Computer Science Department Technical Report, CSE-2002-13, pp. 1-13.|
|16||Krishnan et al, "Scalable Visual Analytics of Massive Textual Databasets," Webpage available at: , 2007, pp. 1-10.|
|17||Krishnan et al, "Scalable Visual Analytics of Massive Textual Databasets," Webpage available at: <http://infoviz.pnl.gov/pdf/inspire—ipdps.pdf>, 2007, pp. 1-10.|
|18||Lengler et al., "Towards a Periodic Table of Visualization Methods for Management", Proceeding 562 of the Graphics and Visualization in Engineering, Jan. 5, 2007, 6 pages.|
|19||Liang et al., "A Pattern Matching and Clustering Based Approach for Supporting Requirements Transformation", Proceedings of the First International Conference on Requirements Engineering, 1994, pp. 180-183.|
|20||Newsome et al., "Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software", Jul. 2005, 39 Pages.|
|21||Newsome et al., "Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software", Nov. 2005, pp. 1-14.|
|22||Nilsson et al., "Towards automatic recognition of product names: an exploratory study of brand names in economic texts", Proceedings of the 15th NODALIDA conference, 2005, p. 146-155.|
|23||*||Ozmutluet al., An Architecture for SCS: A Specialized Web Crawler on The Topic of Security., Proceedings of the American Society of Information Science and Technology, v41, p317-326, 2004.|
|24||*||Security Tracker (4 pages), Feb. 2002.|
|25||SecurityTracker.com, "Security Tracker Product Brochure" Dec. 2002.|
|26||SecurityTracker.com, "SecurityTracker Vulnerability Notification Service FAQ", Feb. 2002, 4 pages.|
|27||Sotirov, "Automatic Vulnerability Detection Using Static Source Code Analysis", Tuscaloosa, Alabama, 2005, 118 pages.|
|28||Thompson et al., "Name Searching and Information Retrieval", Jun. 19, 1997, 13 Pages.|
|29||TS.Census, unparalled IT asset inventory and tracking, 2003. 2 Pages.|
|30||Yao, et al., "Rule + Exception Strategies for Security Information Analysis", Date: Sep.-Oct. 2005, vol. 20, Issue: 5, pp. 52-57.|
|31||Zitser et al., "Testing Static Analysis Tools using Exploitable Buffer Overflows from Open Source Code", Oct. 31-Nov. 6, 2004, ACM, New Port Beach, CA, pp. 97-106.|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US8407604||Dec 30, 2008||Mar 26, 2013||International Business Machines Corporation||Messaging system and method|
|US9319420 *||Jun 8, 2012||Apr 19, 2016||United Services Automobile Association (Usaa)||Cyber intelligence clearinghouse|
|US20100169793 *||Dec 30, 2008||Jul 1, 2010||Kevin Solie||Messaging system and method|
|U.S. Classification||726/22, 707/708, 726/23, 709/218, 709/217, 707/709, 707/706, 709/224, 726/25, 707/710, 726/24, 709/219|
|Dec 12, 2007||AS||Assignment|
Owner name: MICROSOFT CORPORATION, WASHINGTON
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZHANG, DONGMEI;DANG, YINGNONG;HOU, XIAOHUI;AND OTHERS;REEL/FRAME:020237/0354;SIGNING DATES FROM 20070613 TO 20070620
Owner name: MICROSOFT CORPORATION, WASHINGTON
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZHANG, DONGMEI;DANG, YINGNONG;HOU, XIAOHUI;AND OTHERS;SIGNING DATES FROM 20070613 TO 20070620;REEL/FRAME:020237/0354
|Dec 9, 2014||AS||Assignment|
Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034542/0001
Effective date: 20141014
|Jan 13, 2016||FPAY||Fee payment|
Year of fee payment: 4